FOREWORD


This report summarizes the development work of advanced instrumentation
concepts for regenerative environmental control and life support systems
conducted by Life Systems, Inc. during the period of July, 1976 to June,
1978 under NASA Contract NAS2-9251. The Program Manager was Dr. P. Y. Yang.
Technical support was provided by F. H. Schubert, J. R. Gyorki,
Dr. R. A. Wynveen, Dr. J. Y. Yeh, J. D. Powell, Jr., L. W. Krebs and
D. C. Walter. Administrative and documentation support was provided by
J. W. Shumar, R. R. Kohler, C. A. Lucas and L. C. DeVito.


Part of the demonstration of the advanced instrumentation concepts was
carried out with hardware developed under Contracts NAS2-8666 and
NAS9-15218. The support and technical contributions by P. D. Quattrone,
N. Lance, Jr. and F. R. Samonski are gratefully acknowledged.

The program's Technical Monitor was P. D. Quattrone, Chief, Advanced
Life Support Project Office, NASA, Ames Research Center.

SUMMARY

A program to design, evaluate and demonstrate advanced instrumentation concepts
for improving performance of manned spacecraft environmental control and life
support systems was successfully completed at Life Systems, Inc. An
operator/system interface which is an uncomplicated design intended for use by
technically untrained personnel has been designed, fabricated and demonstrated.
Concepts to aid maintenance following fault detection and isolation were
defined and a computer-guided fault correction instruction program designed
and demonstrated in a packaged unit which also contains the operator/system
interface.

The major accomplishments of the operator/system interface development are:

• Design of a human engineered front panel. 

• Design of a logical and easy-to-use message display panel and its 
display format. 

• Development of a unique, dedicated, operator command keyboard. 

The benefits of such an operator/system interface include:

• Reduced operator errors by human engineered design of the interface
panel.

• Increased value of testing by having more operating information in
engineering units.

• Decreased operator time by faster access to performance, data and
operating conditions.

• Decreased cost of field service by making adjustments available to
authorized, on-site test engineers.

• Reduced system development time by allowing easy system/operator
information exchange and by commonality in the design.

• Decreased instrumentation development risk by providing flexibility
in the design.

The major accomplishments of the maintenance aid study are: 

• Definition of fault diagnostic concepts as they relate to environ- 
mental control and life support systems. 

• Definition of maintenance aid concepts as a part of fault diagnostics. 

• Development of computer-based maintenance aids to guide technically
untrained personnel in fault correction.

The benefits of the maintenance aids include:

• Reduced system downtime by computer-aided maintenance instructions.

• Reduced operator errors by guided, step-by-step fault isolation and 
correction instructions. 

• Reduced dependence on bulky maintenance manuals by instructions 
stored in computer memory. 

• Reduced operator training by user-oriented instructions. 

INTRODUCTION 

Regenerative Environmental Control/Life Support Systems (EC/LSS) have been
under development for many years. The objective is to enable long duration
manned space missions to be accomplished. This requires that subsystems which
need expendables with large launch weight penalties be replaced by regenerative
subsystems for water and oxygen (O2) reclamation. The regenerative EC/LSS
consists of two major systems: the Air Revitalization System (ARS) and the
Waste Water Management System (WWMS).

One of the regenerative EC/LSS hardware goals is to allow several years (e.g.
five years) of operation before hardware replacement is necessary. In-flight
servicing and maintenance will, therefore, be needed. However, the avoidance 
of excessive crew training requires that maintenance be minimized and aids be 
provided when maintenance is needed. To accomplish this goal these systems 
require advanced control and monitor instrumentation. 

Background 

Life Systems, Inc. has been involved in the design, development and testing of
ARS subsystems to remove excess moisture from the air, concentrate carbon
dioxide (CO2) from the air, reduce CO2 to water and methane or carbon, generate
O2 from water, resupply nitrogen (N2) and provide N2 and hydrogen (H2)
separation. In addition, Life Systems, Inc. has also developed a separate
Electrochemical Air Revitalization System.

An ARS is a complex integration of subsystems containing a range of electro- 
chemical, mechanical and electrical components. The importance of instrumenta- 
tion is to maintain the desired operating conditions, to coordinate the opera- 
tion of all these components and to monitor the subsystem performance. It is 
equally important to recognize that the development of instrumentation should 
be maintained at a pace consistent with the development of the subsystem's 
electrochemical and mechanical hardware. 

Instrumentation Development Area 

Instrumentation development efforts can be divided into the following areas:

1. Integration of subsystems into a complete system

2. Development of instrumentation's interior architecture (processor,
logic, memory, input/output, signal conditioner, power conditioner
and power supply)

3. Development of test support accessories (TSA) controlled interfaces

4. Development of an operator/system interface

5. Development of system maintenance aids

6. Incorporation of advanced instrumentation concepts

7. Incorporation of the developer's knowledge of operation

8. Development of instrumentation packaging


(1) References cited in parentheses are listed at the end of this report.


Figure 1 shows the relationship among these eight developmental areas. Of the
eight areas, the program addressed two: development of the operator/system
interface and development of system maintenance aids.


Area 1, integration of several subsystems into a system, was completed on
independent programs. This was accomplished through a series of
stages including a laboratory breadboard of a Sabatier-based Oxygen Reclamation
System for one person using a liquid-cooled Electrochemical Depolarized CO2
Concentrator (EDC) and a laboratory breadboard using a Bosch-based Oxygen
Reclamation System for four persons using an air-cooled EDC.


Area 2, development of the instrumentation's interior architecture, was initially
defined on a water reuse development program. It was improved upon on the
current program. It is necessary to periodically reevaluate the
instrumentation's interior architecture and to upgrade it according to added
requirements and improvements incorporated in the other development areas.

Area 3, development of the TSA control interface, was completed on prior 
programs. This consists of the design of the instrumentation used to manipulate 
and regulate the TSA simulating the spacecraft facility and process air streams 
including variations in them. 

Area 4, development of the operator/system interface, was a natural selection 
for the current program since, properly done, it can significantly reduce the 
cost of EC/LSS hardware developments. 

Area 5, development of system maintenance aids, while less important during 
initial development phases, becomes increasingly important as flight hardware 
is approached. It is a development area, however, that cannot be implemented 
at "the last minute." Human engineered maintenance aids for regenerative 
EC/LSS hardware will be an evolutionary process. Little technical data or 
practical foundations exist. Once an operator/system interface is developed 
the communication from the system to the operator regarding maintenance require- 
ments can be completed. As Figure 1 shows, the incorporation of maintenance 
aid information influences the instrumentation's interior architecture; e.g.,
the size of memory and the number or sequence of inputs and outputs. 

Area 6, incorporation of advanced instrumentation concepts, was not selected 
since instrumentation technology is advancing very rapidly and is considered 
to have a lower priority than areas 4 or 5. Examples of advanced instrumenta- 
tion concepts are dynamic performance trend analysis and self-healing electronics 
for common failure modes. 


FIGURE 1 INSTRUMENTATION DEVELOPMENT AREAS

(Block diagram. Blocks: Test Support Accessories (TSA); Integrate Subsystems
Into System; Develop System Maintenance Aids; Develop TSA Controlled
Interfaces; Develop Instrumentation's Interior Architecture; Develop
Operator/System Interface; Incorporate Advanced Instrumentation Concepts;
Evaluate Subsystem Components and Performance Requirements; Incorporate
Developer's Knowledge of Operation; Develop Instrumentation Packaging.)

Area 7, incorporating the developer's knowledge of operation into the
instrumentation, has been planned for future development. It is the area in which
the equipment becomes totally independent of the need for the developer's
personnel and their intimate understanding of the uniqueness of each of the
various subsystems and their interrelationship. This knowledge requires a
reevaluation for those subsystem component characteristics and performance
requirements that appear infrequently in the course of nominal operation.
They are the ones which typically fail to be communicated when hardware, but
not operating knowledge, is transferred from the developer to the user.

Area 8, development of instrumentation packaging, was an obvious area to
delay. As long as nominal consideration of end-item requirements is included
in the development phases, the developed instrumentation should readily be
capable of being packaged according to flight specifications and configurations.

Program Objectives 

The overall EC/LSS instrumentation development program objectives are to 
increase instrumentation capacity and reliability while decreasing its weight, 
power, volume, cost and maintenance requirements. 

Design Guidelines 

The design guidelines established by the National Aeronautics and Space Administra- 
tion (NASA) included: 

1. Employ commonality of design for lower development cost and lower 
user cost. 

2. Emphasize flexibility and development capability during the develop- 
ment stages while allowing and requiring minimum effort to redesign 
for dedicated flight hardware. 

3. Provide instrumentation hardware and techniques for users that do 
not have electronics engineering background. 

4. Allow expandability and compatibility for continuous upgrading as 
electronic technology advances. 

Program Objectives 

The specific objectives of the program were to: 

1. Establish the various operator/system interface techniques applicable
to advanced ARS hardware, select a preferred technique in light of
the guidelines, prepare a description of the recommended operator/
interface technique and then fabricate and test a hardware demonstration
of the approach. The techniques considered included advanced
and current state-of-the-art interface concepts.

2. Establish the various concepts of maintenance aids that could be
used to provide fault correction instructions for failures of components
or subsystems of an ARS, select a technique, prepare a description
of the recommended approach and demonstrate the approach. This
included both aids in fault isolation and correction to the line
replaceable unit (LRU) and line replaceable component (LRC) levels.

The objectives of this program were met. The following sections summarize the 
work completed and the conclusions and recommendations reached. 

OPERATOR/SYSTEM INTERFACE 

In the development of regenerative EC/LSS, instrumentation characteristics 
will change going from one development stage to another depending on the 
unique services a development stage demands. Table 1 illustrates this trend 
in characteristics for a subsystem going from exploratory development to 
production. As the development stage moves toward production, there is a 
decreasing amount or extent of: 

• Debugging Effort 

• System Downtime -- both Scheduled and Unscheduled

• Flexibility in Operation and Configuration 

• Scientific and Development Inputs to the System 

• Operator/System Interfaces 

• Manual Calibration of Sensors and Actuators 

• Weight, Volume and Power Consumption 

During the same transition, however, there is an increasing need for:

• Reliability 

• In Situ Calibration 

• Fault Tolerance 

The operator/system interface can be used to illustrate the trend through the
development stages. During exploratory and advanced development, the developer's
technical personnel as well as the user's personnel will need to make changes
in control and alarm setpoints and to interrogate the current operating
status of process parameters or components (e.g., an electrochemical cell
operating voltage). When the operational and production state is reached,
control and alarm setpoints will be established, and monitoring of process
parameters will be automatic with adjustments automatically made if required.
Table 1 also shows that the type of instrumentation or level of instrumentation
varies going through the various phases of a particular development program. More
instrumentation is needed during the debug phase and especially during checkout
and shakedown. During design verification testing (DVT) and parametric testing
the developer wants considerable quantities of performance data. During
endurance testing, however, less data is needed since operational success can
be reflected by the continuing performance of the system at nominal conditions
or under actual operating constraints.

Upon shipment, the instrumentation remaining in the hardware will meet the
requirements NASA has established for the hardware being delivered. It can be
technology/parametric-oriented or operational-oriented.


TABLE 1 TYPE OF FRONT PANEL

Development Stage: Exploratory, Advanced, Engineering, Operational,
Production

Phase of Program: Debug, Mech. and Elec., Checkout, Shakedown, Integrate,
Testing, DVT, Parametric, Endurance, Nominal, Real World

1. Decreasing Need for Information on Current Step in Sequence
2. Decreasing Need for Override
3. Less Debugging Needed
4. Less Flexibility Needed
5. Less Scientific & Development Inputs

Visual Interface

State of the art operator/system visual interfaces have already progressed
from the use of gauges, meters and switches to shutdown lights, illuminated/
annunciator indicators and, more recently, four level indicator lights
displaying performance status and trend analysis. An example of this type of
hardware is shown in Figure 2.


In keeping with the advancements in electronic technology, however, there are 
improvements also being made in display techniques. These include cathode ray 
tube (CRT) displays, gas discharge (GD) matrix message display panels and 
intelligent displays which change symbol format and manipulate graphic and 
alphanumeric symbols under computer control. Figures 3 and 4 illustrate the 
CRT and the GD type matrix display panel.


CRT Display Selected. Of the eight visual interface techniques screened, the
black and white alphanumeric CRT display technique was selected for the EC/LSS
development level use.



Display techniques employing gauges and meters, illuminated switches and 
message displays, and graphic annunciator display were eliminated because they 
provided too little information, required too much interpretation or too high 
an operator skill level and provided no advanced warning of impending shutdown 
or the cause contributing to it. 

The four-level indicator light display style (Figure 2) represents progress by 
providing performance trend and fault diagnostic data without the need to read 
meters or gauges. It does not, however, completely satisfy all the functions 
of fault diagnostics. In addition, it did not provide adequate flexibility 
that was projected to be needed when the maintenance aids function was to be 
incorporated. 

The display technique utilizing dot matrix gas-discharged message panels is an
attractive approach. It can provide for system-to-operator messages, limited
quantities of performance trend and status data and is capable of being applied
to flight systems having a small size and low power consumption. The display
capability (maximum number of characters on display panel) however, is limited.
The technique is not satisfactory for applications in experimental systems
where a large quantity of display messages are expected during early development
stages.

TABLE 2 OPERATOR/SYSTEM INTERFACES AVAILABLE

Visual

• Dials and gauges

• Illuminated transparent switches, symbols, indicators and
message displays

• Visible or Dead Face(a) Legend Graphic Annunciator Display

• Four Level Indicator Light Display

• Graphic Display using filmstrips - random access

• Gas Discharge (GD) Matrix Message Panel Display

• Cathode Ray Tube (CRT) Display

- Black and white

- Multicolored (e.g., up to 8 colors)

• Graphic or Intelligent Displays - change symbol format and
manipulate alphanumeric and graphic symbols under software
control (panel form in the library)

- Graphic using alphanumerics - nonblinking

- Graphic line generation - blinking, erase

- Graphic line generation - with multicolors

Contact/Touch Activated

• Standard keyboards

• Custom keyboards

• Light pen interaction with CRT

Audio

• Warning sounds - bells, buzzers, sirens

- Continuous

- Beep

• Voice Output systems - stored spoken words

(a) Blank until illuminated.

FIGURE 2 FOUR-LEVEL INDICATOR TYPE OPERATOR/SYSTEM INTERFACE

FIGURE 4 GD DISPLAY UNIT

The display technique utilizing a CRT is particularly attractive when large
quantities of information are being exchanged between an operator and a system
and where visual readout of this information is rapidly required.


Table 3 gives a comparison of the CRT and the GD type display characteristics.
It shows that the life expectancy, legibility, driving voltage, power
consumption, size, weight, maintenance requirements and readability from
distance are in favor of the GD type display techniques. On the other hand the
cost and
data capacity are in favor of the CRT type display technique. The display 
capability (maximum number of characters on display panel) is usually limited 
to 480 characters on a GD type display panel as compared to 1,920 characters 
on a CRT type display panel. The CRT type display panel is therefore over- 
whelmingly better than the GD type display panel in applications of experimental 
systems where a large quantity of display messages are expected. The technique 
utilizing an intelligent graphic display was eliminated because of its large 
physical size and the required extensive software program. Therefore, it is 
concluded that the black and white CRT display is optimal for flight experiment 
instrumentation design within the criteria for size, display capacity and 
development cost. 


GD Display for the Future. The display characteristics shown in Table 3
clearly indicate that the GD type display will ultimately be the display of
future EC/LSS instrumentation, whose data display capacity is expected
to be lower than that of the present design.


Contact/Touch Activated Interface 


Notwithstanding that various standard contact/touch activated interfaces are
available, the custom-made keyboard design was selected.


A possible standard off-the-shelf keyboard is an American Standard Code for
Information Interchange (ASCII) keyboard (see Figure 5). An ASCII keyboard
has the advantage of being flexible through the combinations of the standard
alphanumerical keys. However, some training is necessary for the operator to
become familiar with entering the command and some level of typing skills is
required to use the interface. A computer program is required to edit and
interpret a large number of operator commands to be entered via an ASCII
keyboard. Therefore, the design with standard keyboards is eliminated for
EC/LSS instrumentation because of the larger size, the required operator
training and the longer operator/system interactive time when entering commands
or data.


Light pen interaction with the CRT is an advanced technique which has received 
more attention in recent years. However, implementation of this technique 
requires higher hardware cost. A high resolution graphic CRT terminal instead 
of the low cost alphanumerical CRT terminal is required in addition to the 
hardware cost to handle the light pen interaction. The physical size of such 
a hardware system is also larger than that of a custom-made keyboard. 


The advantages of designing with a custom-made keyboard include less operator
training time required and faster operation actions in entering the commands.
Because the operator command keyboard is custom-made to meet the specific
requirements of a subsystem, each of the pushbuttons or keyboard switches is
dedicated to a specific function. For example, instead of typing a character
string "ON-LINE DISPLAY PRESENT VALUE TEMPERATURE SENSOR 001," the operator
can now complete the command by pressing a total of seven pushbuttons: one
for type of operation, one for type of function, one for type of sensor/
actuator, three for sensor code/data and one to terminate the command string.
Therefore, faster operator action is achieved and less operator training is
required. Figure 6 shows the custom-made operator command keyboard for the
Experimental One-Person Air Revitalization System (ARX-1) and the Three-Person
CO2 Collection Subsystem (CS-3).

TABLE 3 COMPARISON OF CRT AND GD DISPLAY PANEL

Characteristic             CRT                         GD
-------------------------  --------------------------  --------------------------
 1. Life Expectancy, h     20,000                      50,000
 2. Legibility             Characters uniform ±10%     Distortion free
                           except at display           extremely uniform
                           boundaries                  characters
 3. Driving Voltage        High                        Medium
 4. Power Consumption
 5. Display Format         Dot matrix or solid         Dot matrix
 6. Character Height       Variable; can be small      Normally larger
 7. Cost per Character     Lower                       Higher but reducing
 8. Size                   Bulky                       Compact, flat
 9. Data Capacity          High; commonly              Low to medium; commonly
                           80 x 24 = 1,920 char.       40 x 12 = 480 char.
10. Weight                 Heavy                       Light
11. Maintenance            Frequent adjustment         Less frequent
                           on focus, centering
12. Readability from
    Distance

FIGURE 5 OFF-THE-SHELF KEYBOARD

Audio Interface 

There are two types of audio interfaces: (1) warning sounds such as bells,
buzzers and sirens and (2) a more advanced system with voice output. Voice
output systems (also termed audio response units) are recent advanced products 
and are still being developed. Their costs are comparatively high and perfor- 
mance has not yet reached the proper maturity stage. The audio interface 
selected for the EC/LSS instrumentation is a buzzer design which is used to 
alert the operator whenever a system alarm shutdown has occurred. The fre- 
quency of the buzzer can be controlled by the computer so that different 
frequencies (number of beeps per second) are available for different condi- 
tions. For demonstration, only one level is implemented. 

Options for Front Panel Mounted Items 

The options for front panel mounted items are shown in Table 4. These items 
include system power components (circuit breakers and power on/off pushbuttons
or switches), control components (override switches, control knobs, control
switches, control selection pushbuttons, control mode and transition status
display, auxiliary mode selection, concealed or recessed overrides and controls, 
control command pushbuttons) and monitor components (monitor messages, monitor 
commands, monitor resets, parametric data displays, test points, valve position 
indicators, three or four level lights, lamp test buttons, elapsed time indica- 
tors, system schematic or simplified schematic combined with status indicators, 
etc.). An EC/LSS instrumentation designer can choose features from this table 
to decide what front panel components should be included for a specific require- 
ment. 

Human Engineering Design of Operator/System Interface 

A general front panel layout illustrating its universal applicability is shown
in Figure 7. The right-hand side of the panel consists of the system control
functions. It contains the control pushbuttons for manually selecting operating
mode/commands. The bottom right-hand side provides for manually overriding
the automatic protection and actuators as well as a location for incorporating
actuator control adjustment knobs. The control status section provides an
operator with an indicator alerting him when the automatic protection is off,
when the actuator overrides are on and when the panel switches are disabled so
unauthorized personnel cannot change the operation. The left-hand side of the
panel contains the system status information. It is divided into three areas:
system status summary, operator/system messages and operator commands. The
system status summary reflects the worst case of the four levels of the
performance trend concept: normal, caution, warning and alarm.

TABLE 4 LIST OF OPTIONS FOR FRONT PANEL MOUNTED ITEMS

Circuit Breakers
Power On
Test Points
Parametric Data Displays
Valve Position Indicators/Override
Multiple Level Lights
Totally Blank (Start/Stop Only)
Remote Locatable
Lamp Test Buttons
Elapsed Time Indicators
Override Switches
Control Knobs
Control Mode Selection
Control Mode Transition Status
Auxiliary Mode Selection/Status
Concealed Overrides/Controls/Recessed Panel
Control Commands
Monitor Messages
Monitor Commands
Monitor Resets

The human engineering design features of the above-described instrumentation 
front panel include the following: 

a. The control and monitor instrumentation functions are grouped
individually: control on the right-hand side and monitor on the left-hand
side.

b. The control functions are further grouped into operating mode/commands,
control status, automatic protection overrides, actuator overrides
and actuator controls.

c. The monitor functions are further grouped into system status summary,
operator/system messages, and operator commands.

d. The operator commands are further grouped into operation, function,
sensor/actuator and code/data.

e. A "MODE CHANGE PERMIT" pushbutton is incorporated into the system
control pushbuttons so that pressing two buttons simultaneously is
required to enter a system control command. This design eliminates
any accidental activation of the control buttons.

f. The overrides, switches and control knobs are concealed in a recessed
panel to limit access to trained operators only.

g. The operator authorization password concept is incorporated into the
design to prevent any unauthorized personnel from changing the
system operation.

h. An audio signal is used to alert the operator of a system alarm
shutdown.

There are other human engineering considerations in the areas of CRT message 
display design and maintenance aid instruction design which will be discussed 
in the latter part of this report. 

Operator Commands 

One of the benefits of computer-based instrumentation is that the software 
allows flexibility in changing control and monitor setpoints and characteristics. 
The available operator commands for the EC/LSS instrumentation are shown in 
Figure 8. These operator commands include: 

1. The basic functions a test engineer would normally need to examine
and modify the control and monitor setpoints.

2. The basic functions a test engineer would normally need to carry out
a test program such as to examine the present value of an analog
sensor and to request that the present value of an analog sensor be
displayed and updated constantly among several.

3. The functions to clear the display screen, to acknowledge system
messages and to request (in an interactive manner) that more messages
be displayed.


Examine

The "examine" function allows an operator to examine the present value of an
analog sensor, a digital sensor, a timer and an actuator status. It also
allows the operator to examine the scale factor of an analog sensor, the
setpoints of an analog sensor, the allowable range of an analog sensor and any
sequence timing constants. The real-time data of the requested parameter will
be displayed on the CRT display screen at the time of the examine function.
The displayed data are not updated automatically after the completion of the
function.

Modify 

The "modify" function allows an operator to make modifications to the scale 
factor of an analog sensor, the setpoints of an analog sensor, the allowable 
range of an analog sensor and any sequence timing constants. 

On-Line Display 

The "on-line display" function allows the operator to request that the present 
value of a digital actuator, an analog sensor or a timer be displayed on the 
CRT screen and be updated at a predetermined rate, typically two to several 
seconds (but could be as long as a few minutes). 

Setpoint Modification Relationship 

Figure 9 shows the relationship between the setpoints of an analog sensor.
This relationship is important for an operator to make correct modifications
to control and monitor setpoints. The figure illustrates the relationship
with a temperature sensor range. Control setpoints are usually set at the
narrowest band; e.g., between 21 and 24 C. The next one in the hierarchy is
the caution band; e.g., the temperature caution setpoints may be at 20 and
25 C. Warning setpoints are next in the hierarchy; e.g., 18 and 27 C. Alarm
setpoints are next after warning setpoints; e.g., 16 and 29 C. All the setpoints
mentioned so far have to maintain their relative hierarchical relationship
beginning from the control setpoints to the alarm setpoints. In addition, all
these setpoints have to fall in the range of allowable alarm setpoints. This
allowable range concept is designed to prevent an operator from mistakenly
resetting any of the previously-mentioned setpoints to a level where it may
exceed the physical limits or it may create hazards to the system. For example,
the allowable range for the temperature sensor mentioned above may be from 10
to 35 C.

Authorization Code

An authorization code concept is incorporated to prevent any unauthorized
operation of the control and monitor instrumentation. As shown in Table 5,
there are five personnel authorization levels. At the lowest authorization
level, the person cannot operate front panel switches. At authorization level
2, a person can operate front panel pushbuttons but cannot modify any of the
parameters or setpoints. At authorization level 3 a person can operate the
front panel and modify the Control Setpoints, Normal, Caution and Warning
setpoints and sequence Timing Constants. At authorization level 4, a person
is allowed to modify the Alarm setpoints in addition to those described above.
At the highest level, level 5, a person can modify the factory-installed
allowable range setpoints and sensor scale factors in addition to all of the
above described setpoints.

The authorization code design illustrated above is important when restrictions
on access to system characteristics modifications are desired. However,
the levels of authorization code in an actual implementation could vary with
systems; for example, a designer may elect to implement only two or three
levels of authorization codes.
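The setpoint hierarchy and the authorization levels described above can be enforced together in a single check on every "modify" request. The following is an added example, not code from the report or from Life Systems: the function and class names are hypothetical, the band values are the report's temperature figures, and it assumes that a band may share a limit with the next wider band but may not cross it.

```python
from dataclasses import dataclass

# Bands from narrowest to widest, as in the report's temperature example.
BANDS = ("control", "caution", "warning", "alarm", "allowable")

# Lowest authorization level allowed to modify each band. Levels 1 and 2 cannot
# modify anything; scale factors and timing constants are not modelled here.
REQUIRED_LEVEL = {"control": 3, "caution": 3, "warning": 3, "alarm": 4, "allowable": 5}


@dataclass(frozen=True)
class Band:
    low: float
    high: float


# The report's example values for a temperature sensor, in degrees C.
TEMPERATURE = {
    "control": Band(21, 24),
    "caution": Band(20, 25),
    "warning": Band(18, 27),
    "alarm": Band(16, 29),
    "allowable": Band(10, 35),
}


def hierarchy_violation(table):
    """Return a description of the first broken rule, or None if the table is valid."""
    for name in BANDS:
        band = table[name]
        # Written as "not (low < high)" so that NaN limits are rejected too.
        if not band.low < band.high:
            return f"{name}: low limit must be below high limit"
    for inner, outer in zip(BANDS, BANDS[1:]):
        a, b = table[inner], table[outer]
        # Assumption: touching limits are allowed, crossing ones are not.
        if not (b.low <= a.low and a.high <= b.high):
            return f"{inner} band must lie inside {outer} band"
    return None


def modify_setpoints(table, auth_level, band, low, high):
    """Try to change one band. Returns (accepted, reason, resulting_table).

    The authorization check runs before any value is examined, and the stored
    table is never edited in place: a rejected request returns the original
    table object unchanged.
    """
    if band not in REQUIRED_LEVEL:
        return False, f"unknown band {band!r}", table
    if auth_level < REQUIRED_LEVEL[band]:
        return False, f"level {auth_level} may not modify {band} setpoints", table
    candidate = dict(table)
    candidate[band] = Band(low, high)
    problem = hierarchy_violation(candidate)
    if problem:
        return False, problem, table
    return True, "accepted", candidate


if __name__ == "__main__":
    for request in [(3, "control", 22, 23), (3, "alarm", 15, 30),
                    (4, "alarm", 5, 30), (5, "allowable", 17, 35)]:
        accepted, reason, _ = modify_setpoints(TEMPERATURE, *request)
        print(request, "->", reason)
```

Validating the whole candidate table, rather than only the edited band, is what catches a level 5 change to the allowable range that would strand an existing alarm setpoint outside it.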

CRT Display Partition 

A number of CRT partition options were evaluated (see Table 6). These options
include dedicated communication areas, dedicated fault diagnostic areas,
horizontal partition, vertical partition, on-call full screen display, on-call
full screen fault diagnostics and real-time data display. Among these options,
three are evaluated in greater detail. These three options are shown in
Figures 10, 11 and 12.

Figure 10 shows a partition of the CRT display into the following areas:
fault diagnostic messages, on-line sensor data display, operator command
display, operations outputs and data input display and system/operator
communication display. The display capacity of each of the partitions mentioned
above may vary as long as the total capacity is within 24 lines and 80 characters
per line. A typical partition would have six lines for fault diagnostic
messages, eight lines for on-line data display, one line for operator command
display, eight lines for output and input display and one line for
system/operator communication display.

Figure 11 shows a partition of the CRT screen into the following areas: fault
diagnostic messages, on-line data display, operations output and data input
display, operator command display, timer display and system/operator
communication display. Typical capacities of the partitions are eight lines for
fault diagnostics messages, eight lines for on-line data display, five lines for
output and input display and one line for each of the operator command, timer
and system/operator communication displays.

Figure 12 shows a more advanced and ideal partition of the CRT display screen.
It utilizes both horizontal and vertical partitions. The screen is divided
into the following areas: fault diagnostics up to 24 lines and 40 characters
per line, operating station and operations output/data input area up to 21
lines, 60 characters per line, four timers (15 characters per timer), one line
of operator-to-system command (60 characters) and one line of system-to-operator
communication display (60 characters).

Operator/System Interface Demonstration


Two of the Environmental Control and Life Support Subsystems or Systems under
development were selected to demonstrate the operator/system interfacing
techniques devised. The two systems are the CS-3 for the Regenerative Life
Support Evaluation (RLSE) and the ARX-1. The ARX-1 combines the function of
CO2 removal, O2 generation, CO2 reduction, water vapor removal, N2 generation
and water recovery. Both pieces of hardware were developed at Life Systems.
Figures 13 and 14 show the front panel design for the ARX-1 and CS-3, respectively.


The operator/system interface is performed solely through the front panel of
the systems. Three operator/system interfacing techniques are selected for
demonstration: (1) visual, (2) contact/touch activated and (3) audio. For
each system the visual interfaces contain a major component, a CRT for
alphanumeric displays. Also, additional visual interfaces are provided through
illuminated indicators and pushbuttons. Touch-activated interfaces are included
in the form of a customized keyboard as well as pushbuttons, toggle switches
and manually adjustable parts. Each system includes, as part of the front
panel, an audible warning in the form of a buzzer indicating that a system
shutdown has occurred.


Evaluation 


The demonstration successfully proved the effectiveness of the operator/system
interface. The benefits of the operator/system interface are:

• Reduced operator errors.

• Increased value of testing by having more operating information
available in engineering units and in user-oriented instructions.

• Decreased operator time by faster access to data, conditions of
system controls, etc.

• Decreased cost of field service by making adjustments available to
authorized on-site test engineers.

• Faster system development by more customizing and fine-tuning of
system during test programs.

• Decreased development risks because changes can readily be made to
setpoints.


MAINTENANCE AIDS 


A major requirement of the ARS design is long-term operating life. Such a
requirement generally implies failures may occur during the life of ARS operation
but the design should provide for quick fault isolation and easy maintenance
so that the system can be returned to normal operation once a failure does
occur. This is especially important for flight experimental hardware. To
avoid extensive crew training and to allow the technically-untrained personnel
to perform fault isolation and correction, maintenance aids should be provided
by the instrumentation which simplify these tasks. This means that all failures
must be isolated to the LRU or LRC level by means of the fault diagnostic
functions of the instrumentation.

Scope of Fault Diagnostics 

Narrowly defined, fault diagnostics include only the functions of fault
detection, fault isolation and fault correction instructions. However, the
objectives of the fault diagnostics are to protect the system and personnel and
to aid the crew members in correcting a fault with minimum downtime. Therefore,
a broader and preferred definition of fault diagnostics is "any functions
designed to avoid, predict, detect, isolate or correct a component failure."
Before a failure actually occurs the instrumentation should be designed to avoid
as many faults as possible and to predict a failure when it has become
unavoidable. Therefore, the sequence of fault diagnostics begins with fault
avoidance followed by fault prediction as shown in Table 7. When a failure has
occurred, the fault detection function next in the sequence should convey to the
operator that a failure has happened and then automatically trigger the
maintenance aid functions: fault isolation and fault correction instructions.
The ultimate goal of the instrumentation is to tolerate failures to a certain
extent and maintain the system operation in spite of failures. The fault
tolerance function is sometimes referred to as self-healing or self-correcting.

Maintenance Aid Concepts 

The maintenance aid scope is summarized in Table 8. The maintenance aid
functions start with the completion of fault detection and fault isolation and
are completed with the fault corrected. Maintenance aids include the following
functions:

• To provide the operator with fault correction instructions to guide 
and help him in correcting failures. 

• To provide self-healing functions which allow the system to continue 
its operation without external assistance in the presence of failures. 

• To provide the operator with scheduled maintenance instructions. 

The maintenance aid concepts are further described in the following paragraphs.

Step-by-Step Instructions

In computerized instrumentation, maintenance aids are incorporated into the 
computer by displaying appropriate maintenance actions step-by-step through 
the diagnostic and remedial procedures. With computerized maintenance aids 
the operator does not have to use maintenance reference manuals. 

Interactive Information Exchange 

The maintenance aid instructions are programmed in an interactive manner.
This means that the computer displays a short and precise instruction to the
operator. After the action has been taken by the operator he then acknowledges
the completion of the required action. Upon receipt of such an acknowledgement
the computer goes on with the maintenance aid instruction, again in a short
and precise manner.

TABLE 7 SCOPE OF FAULT DIAGNOSTICS

| Function | Definition | Example |
|---|---|---|
| Fault avoidance | Prevent human errors in causing faults | Front panel human engineering, operator authorization codes, scheduled maintenance, etc. |
| Fault prediction | Predict process or components failures by performance trend analysis | Performance trend analysis (normal, caution, warning and alarm) |
| Fault detection | Detect symptoms of component failures not necessarily knowing the cause of the symptoms | "Temperature high caution," "pressure low warning," etc. |
| Fault isolation | Triggered by fault detection to isolate causes of a symptom | "Temperature high caused by failure of coolant supply," "blower B1 failed," etc. |
| Fault correction instructions | Instruct the operating personnel on the maintenance actions after a fault is detected | "Pressure too high, check valves V-3 and V-5," "check valve V-1, if normal; then check sensor P2" |
| Fault tolerance | Built-in capability to continue system operation without external assistance in the presence of failures | Triple redundant hydrogen sensors, adaptive control for nonoptimal environmental conditions, etc. |

TABLE 8 MAINTENANCE AIDS SCOPE

• Starts with fault isolation (a)

• Completed with fault corrected

• Requires fault correction instructions

   a. Operator intervention

   b. Self-correcting

(a) Fault detection has occurred

Other Maintenance Aid Concepts 

As described in the previous section, maintenance aids begin with fault
isolation and are completed with fault correction. A narrower but more precise
definition of maintenance aids, therefore, only includes fault correction
instructions. However, a broader definition of maintenance aids may include
any functions designed to minimize the system downtime. These functions
include fault prediction (such as the dynamic performance trend analysis) and
fault tolerance (such as self correcting) in addition to fault isolation and
fault correction instructions. In the following sections, emphasis of
maintenance aids will be on the fault correction instruction concepts only.

Types of Failures 

Types of failures in an EC/LSS system or subsystems typically include: 

1. Mechanical components including actuators. 

2. Electronic components including sensors, control and monitor
instrumentation.

3. Out-of-specification conditions at the system or subsystems interfaces 
including power, coolant, etc. 

Mechanical Component Failures 

Mechanical component failures include the malfunctions of actuators such as
valves, blowers, pumps, heaters and electrochemical cells. The failures can
be isolated by using the actuator status indicators combined with sensors
(both actuator feedback sensors such as speed sensor, regulator position
sensors, etc. and parametric sensors such as temperature, pressure and flow).
In the EC/LSS subsystems valve position indicators (VPI), regulator position
indicators (RPI) and blower speed sensors are designed for fault isolation
purposes.

Electronic Component Failures

Electronic component failures include sensor failures and instrumentation
component failures. Sensor failures are difficult to isolate except for the
cases where dual or triple redundant sensors are used. When dual or triple
redundant sensors are used, a miscomparison between two redundant sensor
elements indicates that there is a sensor element failure. In the cases where
triple redundant sensors are used, when one sensor element fails it can be
immediately detected and isolated by the instrumentation voting logic.
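The difference between dual and triple redundancy described above shows up directly in the comparison logic: two elements can only report a miscomparison, while three allow the odd element to be voted out. The following is an added example, not the report's voting logic; the names, the agreement tolerance and the sample readings are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import combinations
from statistics import median
from typing import Optional, Sequence


@dataclass(frozen=True)
class Vote:
    status: str                  # "ok", "isolated" or "unresolved"
    failed_index: Optional[int]  # element voted out, when one can be named
    value: Optional[float]       # reading to use, or None if none is trustworthy


def vote(readings: Sequence[float], tolerance: float) -> Vote:
    """Compare two or three redundant sensor elements.

    Two elements "agree" when they differ by no more than `tolerance`
    (an assumed parameter; the report does not give a criterion). A NaN
    reading, e.g. from an open circuit, agrees with nothing.
    """
    n = len(readings)
    if n not in (2, 3):
        raise ValueError("expected dual or triple redundant readings")
    agree = {
        (i, j)
        for i, j in combinations(range(n), 2)
        if abs(readings[i] - readings[j]) <= tolerance
    }
    if len(agree) == n * (n - 1) // 2:
        # Every pair agrees: use the mid value (the mean for a dual sensor).
        return Vote("ok", None, median(readings))
    if n == 3 and len(agree) == 1:
        # Exactly one pair agrees, so the third element is the outlier.
        i, j = next(iter(agree))
        failed = ({0, 1, 2} - {i, j}).pop()
        return Vote("isolated", failed, (readings[i] + readings[j]) / 2)
    # Dual miscomparison, a chain a~b~c with a and c apart, or no agreement
    # at all: a failure is detected but cannot be pinned on one element.
    return Vote("unresolved", None, None)


if __name__ == "__main__":
    # Constructed readings, tolerance 1.0 in the sensor's engineering units.
    print(vote([20.0, 20.5, 20.25], 1.0))  # all three agree
    print(vote([20.0, 20.5, 35.0], 1.0))   # element 2 voted out
    print(vote([20.0, 35.0], 1.0))         # dual: detected, not isolated
```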

To isolate an instrumentation failure and to provide the necessary maintenance
instructions, dual redundancy of the instrumentation has to be implemented and
built-in checkout instrumentation has to be designed to monitor the
instrumentation itself.

System or Subsystem Interface Failures

System or subsystem interface failures include out-of-specification conditions
of cooling air, coolant, ambient temperature and ambient relative humidity,
shortage or loss of power, etc. Isolation of these failures requires the
incorporation of appropriate system parametric sensors.

Line Replaceable Units and Components 

It is important to differentiate between LRUs and LRCs with respect to their 
failures and the ease with which a failure can be located. These differences 
have been evaluated. In general, failed LRUs are more readily isolated since 
general systems schematics and configurations are derived by performing fault 
detection and isolation analysis (FDIA) to the LRU level. The LRCs which form
a part of an LRU are more difficult to isolate since provisions must be added
to the LRU itself to enable isolation to its LRC level. Very seldom does a
mechanical LRU have an LRC. In general, LRCs are reserved for the control and
monitor instrumentation of a subsystem. Typical examples are printed circuit
cards within the instrumentation that are fault isolatable through
built-in-checkout routines.


Maintenance Aids Implementation Options 

Table 9 shows the options for implementing maintenance aids (fault correction 
instructions). Generally speaking, maintenance aids can be accomplished by 
providing materials which require human interpretation and decision making in 
the process of troubleshooting or through an automated procedure guided by the 
computer intelligence. 

The manual approaches are those using troubleshooting flow charts and
maintenance manuals. The person performing the maintenance requires a considerable
amount of knowledge about the system in order to carry out the maintenance
task once a failure has occurred and is flagged by the instrumentation. He
has to go through the fault isolation procedure specified in the flow charts
or manuals which are designed to help him make the decisions. This approach
is generally acceptable when specially trained field service technicians are
available. To better help the technicians in performing the maintenance,
other forms of aids such as microfilmed maintenance instructions can be used.
The microfilm approach can reduce a large quantity of maintenance data to a
rather small volume which helps the maintenance personnel when travel is
required or when storage of maintenance manuals, schematics and flow charts
becomes a problem. This approach is particularly attractive to
service-oriented organizations since they can dispatch a service person to different
customer locations to repair a number of different systems with a small package
of microfilm and a microfilm projector. The above-mentioned approaches,
however, have the same drawbacks: the requirements for extensive technical
personnel training and the large physical sizes of the flow charts, manuals or
the microfilm projector.

The tape-recorded type maintenance aids can reduce some amount of training.
The recorded messages (either video or audio), when properly done, can serve
as on-site instant training. The drawback of this approach is again the
technical background needed and the physical size of the recorder.




TABLE 9 MAINTENANCE AIDS IMPLEMENTATION OPTIONS

| Option | Size (a) | Cost | Performance (b) |
|---|---|---|---|
| Manual Maintenance Aids | | | |
| 1. Troubleshooting Flow Charts | small | lowest | poor |
| 2. Maintenance Manual | medium | lowest | poor |
| 3. Microfilmed Maintenance Instructions | large | low to moderate | poor |
| 4. Tape-recorded Maintenance Instructions | large | moderate to high | poor |
| Computer-Guided Maintenance Aids | | | |
| 1. Graphic Display of Schematics | largest | high | fair |
| 2. Interactive Graphic Display of Schematics | largest | highest | excellent |
| 3. Off-line Interactive Maintenance Instructions | largest | moderate | fair |
| 4. On-line Interactive Maintenance Instructions | largest | high | good |
| 5. Built-in Interactive Maintenance Instructions | smallest (d) | high | good |

(a) Size: Volume and Weight

(b) Performance Criteria: Human factor, training required, background required and human decision required

(c) If a data acquisition system already exists as a TSA, then the size requirement is minimal

(d) Built into Control/Monitor Instrumentation enclosure

For EC/LSS applications, none of the manual maintenance aids mentioned above
is adequate because of the unique requirements of the EC/LSS. These requirements
include: (1) the design should be for users who have no electronics
background and (2) the system downtime should be minimized. These requirements
imply that human decisions in the process of troubleshooting should be minimal
and limited to simple step-by-step and "yes and no" type decisions. Therefore,
the computer-guided maintenance aids are a must for an EC/LSS application.



Computer-guided maintenance aids can be further divided into those using
graphic display terminals, graphic display terminals with light pens, off-line
interactive maintenance instructions and on-line interactive maintenance
instructions. By using graphic display techniques, detailed system schematics
as well as graphic presentation of maintenance (e.g. location of components)
can be prepared to aid a technically-untrained person to correct a fault. The
operator/machine interaction can be done through the use of a light pen or a
keyboard to acknowledge the operator's action during a troubleshooting procedure.
This approach, with the computer guidance and the display power of a graphic
terminal, eliminates the drawbacks of the manual approaches discussed previously.
However, the volume, weight and cost of this approach make it impractical for
the EC/LSS hardware. The recommended approach for the EC/LSS maintenance aids
implementation is to use computer guidance displayed on an alphanumerical
display unit. The display unit could be a CRT/keyboard terminal or the
built-in operator/system interface designed for EC/LSS and described in the previous
section. The configuration options of computer-guided maintenance aid
instructions are:

1. Off-line stand-alone system — Use a stand-alone computer system 
with a CRT/keyboard terminal and a floppy disk subsystem (or any 
magnetic mass storage unit). 

2. On-line system with separate computer — Use a computer system
similar to the one described above but with a communication link by
which parametric data and status can be transmitted from the control
and monitor instrumentation (C/M I) to the "Maintenance Aids" computer.

3. On-line built-in system — Use the C/M I computer to implement 
maintenance aids. 

These three options are illustrated in Figures 15, 16 and 17.

The first two options listed above require the use of a dedicated maintenance
aid computer which is not a part of the C/M I. The third option can be
implemented only if the C/M I is a computerized instrumentation.

In the first option, off-line computer-guided interactive maintenance aids,
the fault correction procedure requires extensive human inputs. The operator
has to answer questions such as "What is the symptom?," "What is the process
air flow rate?," "Does valve V5 position indicator indicate open?" and "Is
temperature normal?" Thus, a considerable amount of human inputs and decisions
are still needed. Some of the inputs and decisions may be available from the
C/M I if the C/M I is designed properly. However, being an off-line system,
it still requires the operator to transfer the data or status from the C/M I
to the stand-alone maintenance aids computer.

In the second option, on-line computer-guided interactive maintenance aids,
the human decision-making portion of the procedure is replaced by the data
link between the computer and the C/M I (which also could, but need not
necessarily, have a computer in it). The types of questions the operator answers
are simpler than those described previously because all parametric data or
status are automatically transmitted from the C/M I to the maintenance aids
computer for fault isolation analysis and fault correction instruction
generation. Short and precise instructions are given by the computer. For
example, "check air filter and replace if necessary," "check valve V1, if open
enter 1" or "replace V1 driver."

The two approaches discussed above are recommended when detailed,
user-oriented instructions are desired. In this case, a large amount of memory is
required to store the fault isolation, correction logic and the instructions. 
This approach is especially attractive if a TSA computer for data acquisition 
already exists — thus, very little additional hardware cost is involved. 

The ultimate goal of maintenance aids is the third approach: built-in
computer-guided interactive maintenance aids. This is the case where the fault
isolation analysis, the fault correction logic and the correction instructions
are programmed into the C/M I software and use the operator/system interface
described in the previous section. This approach provides the C/M I with
built-in maintenance aids capability. The degree of maintenance aids and the
extent of the instructions depend on the phase of a development program. As
discussed previously in this report, debugging effort, flexibility, scientific
data, development information and the amount of information exchange through
the operator/system interface decrease as the development stage of the
instrumentation moves toward production. At the same time, reliability, in situ
calibration and fault tolerance needs increase. The increasing amount or
degree of reliability, in situ calibration and fault tolerance will eventually
relieve the requirements of extensive maintenance aids or interactive fault
correction instructions.

Maintenance Aids Demonstration 

The maintenance aids demonstration includes the implementation of computer 
software to predict failures of CS-3 cell voltage, temperature and process air 
relative humidity and to isolate and correct causes of low cell voltage and 
low process air flow rate. 

Dynamic Performance Trend Analysis Demonstration 

Although fault prediction does not fall within the boundaries of maintenance
aids, it can help reduce system failures by alerting the operator before a
failure actually occurs. Fault prediction is, therefore, important in reducing
the amount of maintenance effort.

The dynamic performance trend analysis is a technique to predict a failure by
calculating first derivatives of system parametric data. The concept is
illustrated in Figure 18. Fluctuations of a sensor reading within the normal
limits are typically ignored. The future projection of the reading is forecast
from the calculated slopes, and the "trend" is recognized after four consecutive
and consistent estimates are encountered.

A demonstration of dynamic performance trend analysis has been implemented
within the CS-3 instrumentation. The parameters chosen for this demonstration
were cell voltage, module temperature and process air relative humidity.
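The trend rule described above, first-derivative estimates with a trend declared after four consecutive and consistent ones, can be sketched as follows. This is an added example, not the CS-3 software: it assumes that the slope is a finite difference between successive samples, that "consistent" means the same sign with a magnitude above an optional deadband, and that the projection is linear; the names and sample readings are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

REQUIRED_RUN = 4  # "four consecutive and consistent estimates" (from the report)


@dataclass(frozen=True)
class Trend:
    direction: int           # +1 rising, -1 falling
    slope: float             # mean of the last four estimates, units per second
    seconds_to_limit: float  # linear projection from the latest sample; 0 if already past


def detect_trend(samples: Sequence[Tuple[float, float]], low_limit: float,
                 high_limit: float, min_slope: float = 0.0) -> Optional[Trend]:
    """samples: (time_s, value) pairs in time order. Returns the trend in
    effect at the latest sample, or None if none has been recognized."""
    direction, run, slopes = 0, 0, []
    for (t0, v0), (t1, v1) in zip(samples, samples[1:]):
        if t1 <= t0:
            raise ValueError("timestamps must be strictly increasing")
        slope = (v1 - v0) / (t1 - t0)
        # +1, -1, or 0 when the change is inside the deadband.
        sign = (slope > min_slope) - (slope < -min_slope)
        if sign != 0 and sign == direction:
            run += 1
            slopes.append(slope)
        else:
            # A reversal or a flat step restarts the count, which is how
            # ordinary fluctuation inside the normal band gets ignored.
            direction = sign
            run = 1 if sign else 0
            slopes = [slope] if sign else []
    if run < REQUIRED_RUN:
        return None
    mean_slope = sum(slopes[-REQUIRED_RUN:]) / REQUIRED_RUN
    limit = high_limit if direction > 0 else low_limit
    remaining = (limit - samples[-1][1]) / mean_slope
    return Trend(direction, mean_slope, max(0.0, remaining))


# Constructed module temperature samples (seconds, degrees C) against the
# 20 C and 25 C caution setpoints used as an example earlier in the report.
STEADY = [(0, 22.0), (2, 22.1), (4, 22.0), (6, 22.2), (8, 22.1), (10, 22.2)]
RISING = [(0, 22.0), (2, 22.1), (4, 22.0), (6, 22.5), (8, 23.0), (10, 23.5), (12, 24.0)]

if __name__ == "__main__":
    print(detect_trend(STEADY, 20.0, 25.0))  # None: slopes keep reversing
    print(detect_trend(RISING, 20.0, 25.0))  # rising, 4 s from the high limit
```

Raising `min_slope` trades sensitivity for fewer false trends on slow drift that stays well inside the normal band.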

Fault Correction Instruction Demonstration 

A demonstration of fault correction instruction is implemented within the 
CS-3 instrumentation. The demonstration is designed to isolate the failure 
which causes low process air flow and low cell voltage. Figures 19 and 20
illustrate how the fault correction instructions are generated for the diagnosis
of low process air flow and low cell voltage, respectively.

EC/LSS INSTRUMENTATION TREND 

The EC/LSS instrumentation development objectives are directed toward increasing
instrumentation capabilities and simultaneously reducing the instrumentation
packaging size. The development effort so far, however, is concentrated on
increasing the instrumentation capability. Figure 21 depicts the
instrumentation evolution from the One-Man Experimental CO2 Concentrator (CX-1) in
the early 1970's, the CS-3 of the on-going program, the next generation ARS
instrumentation and the final flight hardware instrumentation.

The significant instrumentation development effort between the CX-1 style
instrumentation and the CS-3 style instrumentation includes the development of
the instrumentation's architecture using computer-based components, the
development of the operator/system interface and maintenance aids as addressed by the
current program. Moving from the present instrumentation to the next generation
ARS instrumentation requires the following significant effort:

1. Upgrading of the instrumentation's architecture after the completion
of the development of operator/system interface and maintenance
aids.

2. Incorporation of advanced instrumentation concepts such as the fault
tolerance capability, advanced digital control algorithms,
built-in-checkout capability and dual redundant processor concepts.

3. Development of next generation instrumentation packaging using
state-of-the-art electronics components.

Since this development program started two years ago, significant and tangible
electronic advances have occurred which include the following:

1. New microprocessor and microcomputer chips -- more powerful
microprocessor chips including 16-bit microprocessors and complete
microcomputers on a single chip are now available off-the-shelf.

2. Computer memory technologies -- larger capacity of Read-Only Memory
(ROM) and Random-Access Memory (RAM) are now available off-the-shelf.

3. New interface integrated circuits -- display controller chips,
input/output interface chips, etc. are now available off-the-shelf.

With these newly available electronic components, the size of the EC/LSS
instrumentation as demonstrated in this program can be further reduced and the
reliability further increased. It is also anticipated that a final version
of the EC/LSS instrumentation may have a remotely located panel or an interface
designed to communicate with the spacecraft's central computer. With the
advances of electronic technology, these objectives can be met in the near
future.

Relatively less effort in the past has been directed toward designing the 
EC/LSS instrumentation with advanced control techniques. This is partially 
because the computer-based controller was not available until recently. The 
digital computer process control techniques have developed rapidly in recent 
years. The hardware limitations have, for the most part, been solved. Control 
algorithms from the simple ones such as bang-bang control,
proportional-integral-derivative control to the more complicated cascade control, adaptive
control, on-line tuning and dead-time compensation techniques should be evaluated
and designed for the control of ARS hardware.

It can be predicted that the final version of the EC/LSS instrumentation at 
the time of actual spacecraft application will be one which communicates with 
the spacecraft central computer, utilizes the most advanced control techniques 
for accurate, precise, stable and optimal process controls, tolerates component 
failures partially or fully, has dual redundant processors and
built-in-checkout capability, and displays maintenance aid instructions if failures
exceed the fault tolerance capability. It would be designed with a 16-bit 
microprocessor, Large-Scale Integration electronics, redundant sensor element, 
low power consumption and small size. 

CONCLUSIONS 

The goals of this development program include the study, design and
demonstrations of operator/system interface techniques and maintenance aid concepts.
The results are part of a program to develop advanced instrumentation applicable
to an EC/LSS or its subsystems. These goals were successfully achieved and
the following conclusions resulted from this development program:

1. The operator/system interface has been successfully designed, checked
out and demonstrated with an EC/LSS subsystem (CS-3) and a system
(ARX-1). The design proves to have the following benefits:

• Developments can be carried out with flexibility in modifying
operating characteristics such as setpoints, timing constants
and calibration curves.

• Flight hardware or experiments can be carried out with improved
efficiency because of the built-in capabilities for displaying
parametric data and examining system parameters.

• Human errors are greatly reduced because of the human engineered
design and the operator authorization code concept incorporated
into the operator/system interface.

2. The operator/system interface design in this development program
allows future upgrading using better components that will become
available with the advances of electronics technology.

3. Maintenance aid concepts have been studied, evaluated and demonstrated
with a subsystem (CS-3). A number of maintenance aid implementation
options have been investigated and illustrated. Depending on
development stages of a subsystem, maintenance aids can be incorporated
into a TSA computer or built into the C/M I itself.

RECOMMENDATIONS 

The following additional tasks have been identified and are recommended for 
future development. The tasks are: 

1. Study and incorporate the concept of "self-healing" or fault tolerance.
This is the capability to detect and bypass faults within the
instrumentation itself with a goal of providing two years of maintenance-free
service. Achievement of this capability requires employing a
combination of such existing techniques as:

a. Data/information transmission error checking

b. Triple modular redundancy

c. Dual instrumentation operations

2. Evaluate built-in checkout circuits which can verify the integrity
of the instrumentation itself and allow maintenance to the LRC
level. This activity ties in closely with the detection step of the
self-healing concept listed above.

3. Investigate the concept of using initial actuator "signatures" and
periodic comparisons with the actuator's real-time signatures as
part of an advancement in fault prediction/isolation concepts.

4. Establish methods and size impacts for providing the retention of
calibration curves for spare sensors in memory to be used following
the replacement of a faulty sensor.

5. Evaluate the need and techniques for recording and storing operating
parameters and conditions for each out-of-tolerance event occurring
with ARS hardware. Focus shall be on the time preceding and following
an out-of-tolerance event, allowing the data collected to be used
for subsequent diagnostics.